toasters

toasters@lists.teaparty.net

3 participants
13514 discussions

Re: AFS/DFS??!! :-) (and FTP!)
by sirbruce＠ix.netcom.com 13 Jun '99

13 Jun '99

On 06/12/99 11:04:25 you wrote: > >> BTW, did NetApp ever consider putting AFS on the Filers? >Excellent question! >I keep asking NetApp every couple of years since about '94 for DFS >and the answer, of course diplomatic, is a firm 'no' followed >by "there is not enough market for DFS, NT will be our next target". DFS is a pretty small market. AFS isn't much better, assuming you mean Andrew. If you're talking Apple, now there's a potential market. A high-performance Apple file server would be welcome to a lot of folks. However, I don't know what Apple's plans are for the future; are they moving away from their filesystem format? Personally I'd like to see the filer have native FTP support. Just stick wuftpd in there and optimize the file transfer. Lots of ftp sites on the Internet would love it. (FTP direct to the filer rather than through a server to a filer should be measurably faster just like doing HTTP direct is.) Bruce

2 1

RE: Metadata preservation during network file backup
by Benn, Paul 12 Jun '99

12 Jun '99

Hi Tom, Do you mean: "does UNIX support ACLs"? Some flavors of UNIX (e.g. Solaris) support their own proprietary ACLs (and as far as I know, none of the UNIX ACLs are compatible with each other). The filer does not support UNIX ACLs, just UNIX-style file permissions. UNIX file permissions are retained when backing up a filer via NFS or CIFS. NT ACLs are NOT retained when backing up a multiprotocol filer via NFS. Regards, Paul -----Original Message----- From: tkaczma(a)gryf.net [mailto:tkaczma@gryf.net] Sent: Tuesday, June 08, 1999 1:35 AM To: toasters(a)mathworks.com Subject: Re: Metadata preservation during network file backup On Tue, 8 Jun 1999, Itzik (Itzhak) Meirson DSc. wrote: > If backing up this share from CIFS will the NFS ACLs be preserved upon > restore? Does NFS support ACLs? Tom

3 2

Quickest way to move data.
by Shaun T. Erickson 12 Jun '99

12 Jun '99

We are experiencing major problems with our F540. NetApp is working with us on it. While trying to get us through our crisis, they have also suggested that they may temporarily provide us with an F740, complete with enough fibre-channel disks to hold the data on our F540. We would like to know what would be the quickest way to get the data moved from one system to the other. Doing it accross our 100Mb net could take a couple of days, which is unacceptable. Could we put a scsi card in the F740, attach our F540's shelves and do volcopys? Any other suggestions? We need the downtime to be the absolute minimum. Also, if it's fibre-channel only, how am I supposed to attach my scsi-based DLT jukebox, so I can continue to back up the replacement filer via NDMP? Is there a scsi port on an F740, just for use by a tape drive? -ste Work: (908) 582-7629 Pager: (800) 756-1133 Cell: (201) 310-9941

2 1

Re: Quickest way to move data.
by mds＠gbnet.net 12 Jun '99

12 Jun '99

BareMetalMove, or whatever it's called now, worked very well a year or so ago and I imagine that your SE's can help you set up something along those lines with a back-to-back 100BaseTX-fd connection. FDDI also works quite well. I seem to recall that we got about 5MB/s from a 1400 to an F330 over a FDDI connection. I'd be surprised if you couldn't get a fair bit closer to wire speed between an F540 and an F740. It tooks us just over 1hour 20minutes to move our 20GB of data from the 486-based filer to the P90 - which I recall blew me away totally. Now, I'm presuming you've got a maximally configured F540 (in terms of disk) which ISTR is about 300GB. 300GB, at 10MB/s (wire-speed on 100BaseTX-fd) takes about 9 hours. If it goes at 5MB/s it takes 18 hours. If you've got less *used* disk-space it takes less time. ISTR that BMM makes a verbatim, swizzled copy of the filer so I don't think you lose snapshots or anything. The only thing to be careful of is the DOT version installed (being alpha - should be okey) on the new filer, and the network interface references in hosts and rc before booting it and getting going. Plus there was some slight untidiness in the final part of the BMM when I used it a goodly while ago - I think it needed to be booted without the contents of NVRAM or somesuch, which was fine because it wasn't actually normal fs data in there, though I'm probably misremembering totally now. Doing this stuff over a normal network, or with either filer up and serving is a different, and slower, matter. You'd probably need to use ndmpcopy or something and that's a bizarre fish from what I've experienced. On Sat 12 Jun, 1999, "Shaun T. Erickson" <ste(a)research.bell-labs.com> wrote: > While trying to get us through our crisis, they have also suggested that > they may temporarily provide us with an F740, complete with enough > fibre-channel disks to hold the data on our F540. Sounds good - it'll go faster too 8) > > We would like to know what would be the quickest way to get the data moved > from one system to the other. Doing it accross our 100Mb net could take a > couple of days, which is unacceptable. Could we put a scsi card in the > F740, attach our F540's shelves and do volcopys? Any other suggestions? We > need the downtime to be the absolute minimum. You might be able to do that - but I'd keep the F540 integral so it *can* be fixed, and avoid importing weird configs into the machine your going to use to tide you over until the normal box is working again. > > Also, if it's fibre-channel only, how am I supposed to attach my > scsi-based DLT jukebox, so I can continue to back up the replacement filer > via NDMP? Is there a scsi port on an F740, just for use by a tape drive? SCSI connections to tape drives are still there. Upto two controllers with two drives on each tape chain IIRC. Fibrechannel tape controllers are not common yet, so your DLT will be supported for a goodly while yet. > > -ste > > Work: (908) 582-7629 Pager: (800) 756-1133 Cell: (201) 310-9941 > >-- End of excerpt from "Shaun T. Erickson"

1 0

Re: the virus
by sirbruce＠ix.netcom.com 12 Jun '99

12 Jun '99

On 06/11/99 11:54:02 you wrote: >The nice thing about using linux/unix is that all those viruses cann't do >much. The bad thing about linux/unix is that when you get hacked it is >messy! It depends on the environment. You'd be surprised the number of companies that have poor internal unix security, because they don't want to invest the time and money on something they may never need. Many IT professionals fail the understand the cost of bad internal security.

1 0

RE: NFS ACLs
by Chen, Ray 11 Jun '99

11 Jun '99

I believe IRIX does allow you to set ACLs over NFS if you're running a reasonable version of Trusted IRIX. But I'm not sure if it uses the same proplistd side-band protocol or if they rolled their own and both the client and server have to be running SGI Trusted IRIX. Also, from what I gather, various draft versions of Posix ACLs had some reasonable significant differences so without detailed information on the exact ACL semantics, I couldn't say how similar the Solaris, Digital, and IRIX semantics are. For NFS v4, the situation is further complicated by the fact that HPUX ACLs and NT ACLs are different as well. Ray > -----Original Message----- > From: Guy Harris [mailto:guy@netapp.com] > Sent: Friday, June 11, 1999 2:57 AM > To: tkaczma(a)gryf.net > Cc: toasters(a)mathworks.com > Subject: Re: NFS ACLs > > > > > > Just came across this in Solaris docs: > > > > --- > > > > NFS Parameters for the nfs Module > > > > [...] > > > > nfs_acl_cache - This symbol controls whether ACLs are > cached on clients > > that are using the NFS_ACL protocol. > > > > --- > > > > Does anyone know of any info on the NFS ACL protocol? > > See "/usr/include/rpcsvc/nfs_acl.x" on Solaris 2.5 and later. It uses > port 2049, and the Solaris NFS server code presumably just checks the > program number as well as the procedure number and version number, and > runs either an NFS procedure or an NFS ACL procedure. > > > Is this what we were just speaking of? > > I think at least some folks here were speaking of it, yes. > > I think Digital^H^H^H^H^H^H^HTru64 UNIX may store ACLs as items in a > file's property list; the "proplist(4)" man page on a DU system here > says: > > DIGITAL UNIX supports the storing, parsing, and retrieving > of Extended File > Attributes. An Extended File Attribute is a name and value > pair that is > contained in a variable-sized structure called a Property > List. A Property > List is part of a file's metadata and can contain abstract > name and value > pairs (Extended File Attributes) that can be set either by > the operating > system (for example, ACLs and privileges) or by a > user-level application > (for example, PC File Attributes). > > That man page also says: > > Extended File Attributes are supported by the Advanced File > System (AdvFS) > and the UNIX File System (UFS). Currently, the Network > File System (NFS) > does not support Extended File Attributes, so when files > migrate over NFS, > they loose any Extended File Attributes they may have had. > > but the "proplistd(8)" man page says: > > The proplistd daemon services sideband protocol requests > from NFS clients > for property list operations. Requests may be to get, set, > and or delete > the property list associated with an NFS served file system object. > > so I'm not sure if the "proplist(4)" man page is out of date or if the > NFS client doesn't use the RPC service offered by > "proplistd", although > if the latter is true, that raises the question "so why does > 'proplistd' > exist?" > > I think AIX may also have ACL support, and I think somebody > earlier said > IRIX does; I don't know whether either of them let you get or set ACLs > over the wire with a "sideband" protocol for NFS. > > HP-UX has ACLs, but the HP-UX 11.00 man page says: > > NFS NFS does not support ACLs on remote files. > Individual manual > entries specify the behavior of various system > calls, library > calls, and commands under these circumstances. Be > careful when > transferring a file with optional entries over a > network or when > manipulating a remote file because optional entries may be > silently deleted. > > The Solaris and Digital UNIX ACLs appear to be based on POSIX drafts > (the POSIX committee working on that stuff never went past > drafts, and I > think they disbanded; the DU ones directly claim to be > POSIX-draft-based, the Solaris ones just look as if they > are). I don't > know what the AIX or IRIX ones look like; the HP-UX ones don't look at > all POSIX-draft-based (they appear to have a whole pile of additional > functionality). >

1 0

RE: the virus
by Jonas Jonsson 11 Jun '99

11 Jun '99

-----Original Message----- From: yann.golanski(a)ThePLAnet.net [mailto:yann.golanski@ThePLAnet.net] Sent: Friday, June 11, 1999 12:54 PM To: toasters @ mathworks . com Subject: Re: the virus >Quoting Garrett Burke <Garrett.Burke(a)msc.ie>: >> Files on the toaster will be set to size zero. Be very careful if your >> toaster contains source code as the virus attacks .cpp, .c and .h files. >> >> Thank god for snapshots. >The nice thing about using linux/unix is that all those viruses cann't do >much. The bad thing about linux/unix is that when you get hacked it is >messy! Just wait for "word for Linux..." /// Jonas

1 0

Re: the virus
by Richard Geiger 11 Jun '99

11 Jun '99

> Oops... the version I posted earlier was not the right one. > > Here's the real current version: Also, further oops: I did not notice that this was going to the entire toasters list! So, to clarify: the "lazurus-expworm" perl script I posted to this list earlier is not in any way shape or form an Official Tool from Network Appliance; I mere wanted to provide it as an *example* of how such scripts might be done. Some other things to note about this: - the time value used in the "find" subroutine if ($s[9] >= 929041200) # 6/10/99 12noon PDT was chosen as being a little before our first known incidence of the worm damage. You'd probably want to adjust this for your own situation. - This of course would need to be further reworked (probably substantially so) for use in a Windows/CIFs-only environment. Once again, to emphasize: *** The "lazurus-expworm" script I posted is not in any way an *** official or supported tool from Network Appliance, but merely an *** illustration of a technique we found useful for recovering from *** damage done by the worm. Richard Geiger rmg(a)netapp.com

1 0

RE: the virus
by Norman, Paul 11 Jun '99

11 Jun '99

> -----Original Message----- > From: Tom Limoncelli [mailto:tal@research.bell-labs.com] > Sent: Friday, June 11, 1999 8:22 AM > To: Shaun T. Erickson > Cc: Garrett Burke; toasters(a)mathworks.com > Subject: Re: the virus > > > "Shaun T. Erickson" wrote: > > This virus is a nasty one. I haven't seen it mentioned > here, but we have > > discovered that it connects back to the fileserver the > infected person is > > connected to and then scans the shares, deleting every file > of the types > > specified, in every share, that the infected person has the > ability to > > delete. > > Just to re-iterate: It scans for shares and tries to mount them. If > successful it looks for files that can be zapped. If you share files > everyone:rwx then a lot of data may be affected. > > > On Fri, 11 Jun 1999, Garrett Burke wrote: > > Thank god for snapshots. > > You can rename a snapshot. If you rename one to "PreVirus" > it is pretty > easy to write a little script that will find zero-length files that > weren't zero-length in the snapshot and email the owner of > the file (or > do the restore automatically). [ Disclaimer: I haven't done > this myself, > but I'm told it is possible. ] Its not just theoretical. NetApp got hit and we did exactly that. > > --tal >

2 2

RE: Restoring DOT 4.x tapes on 5.X?
by Benjy Feen 11 Jun '99

11 Jun '99

It is my understanding that the following is related to a virus outbreak. Anyone know anything? Did anyone else on the toaster list receive this? On Thu, 10 Jun 1999, Oruganti, Narender wrote: > Hi Benjy ! > I received your email and I shall send you a reply ASAP. > Till then, take a look at the attached zipped docs. > bye. > <<zipped_files.exe>> > -=- Benjy Feen benjy(a)feen.com http://www.feen.com Specialization is for insects. =-=

3 2

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

toasters